Thursday, May 28, 2009

Cyber Criminals Already Gaming SCADA

Researchers at McAfee have stumbled onto something related to the problem that seems pretty innocent in terms of its overall impact, but which highlights the true gravity of the IT security challenges facing the infrastructure industries moving forward.

Last week, McAfee researcher Francois Paget discovered a video posted to YouTube in November 2008 in which two hackers gain access to the controls for a municipal central light system and then start playing a takeoff on the video game Space Invaders by manipulating it and turning building lights off and on.

Even though Paget openly questions the veracity of the videos, which he describes as "light-show attacks on unprepared buildings," the expert concedes that the video "confirms that hackers and cybercriminals have got their eyes on SCADA networks."

And while this simple gaming of a set of lights clearly carried out merely to prove hacking expertise is pretty benign in terms of its effect, Paget observes that no matter how harmless it may be, the tactics involved show off just the level of access that can be achieved in these environments - and by far less advanced groups than those who are suspected of doing so, such a those backed by foreign governments.